<?php

//////////////////////////////////////////////////
//			Xtra Forum Software                           //
//			      Version 0.2.0                                   //
//		 -----------------------------------------	          //
//               Copyright 2008, Xtra Forum Software           //
//	        http://www.xtraforumsoftware.us.to/           //
/////////////////////////////////////////////////

?>

<?php

function Check_Login()
{
	global $db_prefix; // Include the globals, or things wont work...
	$username = mysql_real_escape_string($_POST['username']); // Escape and grab the username and put it in a pretty variable
	$password = mysql_real_escape_string($_POST['password']); // Dito Password
	$md5pass = md5($password); // md5 encrypt the password
	$ip = $_SERVER[REMOTE_ADDR]; // Grab the users IP address
	if(isset($username)) // If the username is set
	{
		if(isset($password)) // If the password is set
		{
			// Check to see if the user even exists.
			mysql_query("SELECT * FROM " .$db_prefix. "users WHERE username='$username' AND password='$md5pass'");
			$count = mysql_affected_rows();
			if($count == "1") // If he does, then:
			{
				// Set Session
				$_SESSION['user'] = "$username";
				$_SESSION['ip'] = "$ip";
				// Tell them it succeeded
				echo "You have been logged in " .$_SESSION['user']. ", you will be redirected in 5 seconds.";
				// Redirect them! We don't want them here anymore!
				?>
				<meta http-equiv="refresh" content="5;url=index.php">
				<?php
			}
			else
			{
				echo "Username or Password is wrong."; // Tell them their pass or user is wrong
			}
		}
		else
		{
			echo "Password not set."; // Tell them their password is not set
		}
	}
	else
	{
		echo "Username not set."; // Tell them their username is not set
	}
}

?>